Name : mod_auth_mellon Product : Fedora 29 Version : 0.14.0 Release : 5.fc29 URL : https://github.com/UNINETT/mod_auth_mellon Summary : A SAML 2.0 authentication module for the Apache Httpd Server Description : The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by a IdP server.
New upstream release 0.14.2 which also fixes CVE-2019-3878 and CVE-2019-3877 ------------------------------------------------------------------------------- - ChangeLog:
* Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-5 - Related: rhbz#1691771 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes - Related: rhbz#1691136 - CVE-2019-3878 mod_auth_mellon: authentication bypass in ECP flow ------------------------------------------------------------------------------- - References: